Modern web applications rely heavily on client-side functionality, implemented in the form of components running in a web browser. Components can carry security sensitive information, implement critical business logic, or provide trusted user interfaces to a user. As a result, components can be susceptible to attacks. In order to attack a component, an attacker has to be able to execute attacking code within the same web browser in which the component is located.